By Marty Phelan martyp@wainet.com
April 29, 2000
Redhat Installed (6.1)
Repository will reside in /home/cvs/cvsroot. You can change this.
CVS v1.11.22 is installed (use yum to install)
Login as root on repository machine
Create a user (& group) called: cvs
Create repository:
cvs -d /home/cvs/cvsroot init
(Repeat this process if you want to create multiple repositories e.g., /home/cvs/cvsroot2, /home/cvs/cvspublic etc). Each repository can have different sets of authorized users.
Change owner and group of repository and all files to cvs:
chown -R cvs:cvs /home/cvs/
Create tcp service by editing /etc/services - add lines (NOTE: May already be present):
cvspserver 2401/tcp #CVS PServer
cvspserver 2401/udpp #CVS PServer
Create inetd entry for service by editing /etc/inetd.conf - add following lines:
# # CVS PServer # cvspserver stream tcp nowait cvs /usr/bin/cvs cvs --allow-root=/home/cvs/cvsroot pserver
NOTE: The above line "cvspserver stream ..." must appear on a single line. If you created multiple repositories in step 3, add an additional --allow-root=[repository path] argument for each repository.
Restart inetd. NOTE: Because you will be restarting inetd from root's session, it will inherit the environment, most notably HOME=/root. This causes the following error when you try to check anything out of the repository:
cvs server: cannot open /root/.cvsignore: Permission denied cvs [server aborted]: can't chdir(/root): Permission denied
To remedy this, use one of two methods.
1) The first method is to restart the server (the problem does not occur when inetd is started during system startup.
2) The second method is a manual restart while logged in as root. For this to work you need to restart inetd without the HOME pointing to root's home directory. Start a terminal session and enter the following:
unset HOME /etc/rc.d/init.d/inet restart
Now login as the user (i used root, because cvs has nologin)cvs. We will now setup the password file for cvs users.
You will need a utility to create encrypted passwords. You can use the below perl script for that purpose:
#!/usr/bin/perl crypt.pl srand (time()); my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))"; my $salt = sprintf ("%c%c", eval $randletter, eval $randletter); my $plaintext = shift; my $crypttext = crypt ($plaintext, $salt); print "${crypttext}\n";
Create a text file in /home/cvs/cvsroot/CVSROOT called passwd and enter the users as shown below (format is: userid:encrypted-password:cvs ):
username1:x$5itFdsw123:cvs username2:3fgRH4p3443:cvs
NOTE: Use the crypt.pl utilty from above to generate the encrypted passwords for the above entries. The passwords for the users should NOT be the same as their unix password (if they have a unix account). The cvs users you enter above do NOT need a unix account.
Set restrictive permissions on the file:
chmod 400 /home/cvs/cvsroot/CVSROOT/passwd
(optional) Repeat step 10 and 11 for each additional repository you created in step 3.
Login as username1
Set the default repository in the environment (will save entering it on every cvs command):
export CVSROOT=:pserver:username1@your_server_name:/home/cvs/cvsroot
(substitute real values for username1, your_server_name and repository path if needed)
Test the basic login:
cvs login
Enter the username1's password. There should not be any error messages.
Create a tiny test project:
cd mkdir testproj echo "//Main Class">testproj/Main.java
Import the project to the repository.
cd testproj cvs import -m "My initial project message" testproj mycompany start
Check to make sure the project was created in the repository. You should see the file Main.java in /home/cvs/cvsroot/testproj
Remove the test project from the repository:
rm --R /home/cvs/cvsroot/testproj
CVSD allows running a repository which has been chroot'ed. This provides an extra level of security. Under this scheme, you will be running the invocation of CVS as root, so this extra bit of security will help. The following are the steps for setting this feature up:
Download CVSD. You can find it at rpmfind or the latest version at CVSD for Linux home page. < LI>Make sure you have already installed CVS. These directions were done using CVS version 1.10.6-2.
Creating group cvsadmin... Creating user cvsowner... no existing cvspserver line in /etc/inetd.conf, adding... cvsd ################################################## Setting up /home/cvsowner/cvsd-root... Now edit/modify/whatever the /home/cvsowner/cvsd-root/etc/passwd file. Default user/passwds are cvs/cvs (for ro anon), user/pass. Change these!
This is one of the harder areas of the Linux build. It is a little harder than other sections because it is not anywhere nearly as well documented as things like Samba although it is defiantly getting there.
First grab yourself a copy of the CVS Server
apt-get -u install cvs
should do it.
I suggest you use the standard path (/var/cvs/cvsroot) for the CVS repository unless you have a particular reason to place it somewhere else. I use /home/cvs/cvsroot in this example. If you want to use an old CVS repository on a new machine just copy it to the new /home/cvs/cvsroot. If you don't currently have a repository to bring over you will have to create one with this command
cvs -d /home/cvs/cvsroot init
which will create a default empty repository at the path specified.Once you have the repository in place you have to run the CVS server from some form of super server such as xinetd or inetd.
To set up xinetd create a file called "cvs" in "/etc/xinetd.d/" with the following content
service cvspserver { port = 2401 socket_type = stream protocol = tcp user = root wait = no type = UNLISTED server = /usr/bin/cvs env = HOME=/home/cvs/cvsroot server_args = -f --allow-root /home/cvs/cvsroot pserver disable = no }
which is simply a service definition. As you can see you can also change the port (2401 is the default) and you can specify a different location for the cvsroot. It is worth noting however that access to a pserver over the internet is asking for trouble unless you restrict it to anonymous read access only. If you want write access then you should use CVS over SSH which is covered below.
It is probably also a good idea to include the environment variable CVSROOT. I find that this is best included in /etc/profile since there is no security problems associated with all the users knowing where the repository is only with them being able to access it. Add these few lines to the /etc/profile file after the "export PATH " line. You will need to log out and log back in to cause the root process to re-read the file. Alternatively you can "su - your_username" with every new console window.
#CVS CVSROOT=/home/cvs/cvsroot export CVSROOT
CVS allows you to add users independently of the underlying OS installation which is both a good thing and a bad thing. Probably the easiest way from a management point of view is to use the Linux users for CVS as well although this does have a few minor security issues since this is just a home network we will grin and bear it.
When you add a user cvs doesn't know that there is already a user on the system with that name. In /home/cvs/cvsroot/CVSROOT/passwd update the users to indicate that they are actually known system users rather than just CVS users. This is done by adding the name of the system account you want the cvs account to run as at the end of the line (use "cvs" for <sys_acc_name>). Each line is made up of three parts <cvs_acc_name>:<cvs_password>:<sys_acc_name>
Now set up a user group called cvs or some such and add your users to this group. Give this group permission to write to the /home/cvs/cvsroot directory and all subdirectories. Change the Group Ownership to be what ever the group was that you created above. Once this is done the CVS users "own" the cvs repository and can from now on create lock files in it.
To keep things simple at this stage we are giving all users the ability to read and write the repository. As things change you will probably want to change this. Allowing everybody access is the default set up.
Depending on what you are intending to do with CVS depends a little on which tools you will want to use on the client side to interact with your repository. I do most Java work and use NetBeans as my development environment of choice. This has built in CVS functionality that works very well.
If you have an old CVS Repository sitting around from an old install just drop that in place. There is no need to re-import everything
An import can be performed using ssh as the communication channel by first setting the appropriate environment variable. For instance: (Note: the last two lines should be on one line I had to break it at the -m)
CVS_RSH=ssh export CVS_RSH cvs -d :ext:username@servername.com:/home/cvs/cvsroot import -m "initial check in" util crazysquirrel initial
In order to use CVS over SSH in NetBeans 3.6 you must have the SSH_Agent set up.
Define the location of the repositories in "/etc/cvs-pserver.conf". Then restart inetd with
To then check something out so that it can so that it can be modified use
CVS_RSH=ssh export CVS_RSH cvs -d :ext:username@servername.com:/home/cvs/cvsroot checkout modulename
Where you have to replace username, servername.com and modulename (and optionally the /home/cvs/cvsroot) with the correct values. Obviously the first two lines can be skipped if you already have this value set as an environment value. This system is particularly useful if you want to check out the repository for use in NetBeans and you don't want an extra level of directories present. I am sure it is possible to achieve the same result using NetBeans CVS module but I can't seem to make it work consistently. This on the other hand always provides a clean simple directory structure. Don't forget that you have delete the directory you imported above or the checkout wont work (because it tries to create this directory). Strictly speaking this is only the case where you are trying to checkout over the directory you have imported but I find I do this quite often and you probably don't want an old version of the files kicking about anyway.